Injecting Activity Loads in WARP Mobile Client

Vulnerability

A security policy was missing in Cloudflare WARP Mobile Client for Android versions 6.29 and earlier [1][2]. This flaw allowed a malicious app installed on the same device to exploit a peculiarity in an Android function, dictating the task behaviour of the WARP app under certain conditions [1][2].

Exploitation

An attacker must have a malicious app installed on the victim's Android device [1][2]. No additional network position or authentication is required beyond app installation. The malicious app leverages the Android task behaviour peculiarity to influence the WARP app's activity loading, effectively hijacking its operations [1][2].

Impact

A successful attack allows the malicious app to dictate the task behaviour of the WARP app, potentially leading to unauthorized actions or data exposure within the WARP client's context [1][2]. The attacker gains control over the WARP app's tasks, which could compromise user privacy or security.

Mitigation

This vulnerability has been fixed in WARP Mobile Client version 6.29 for Android [2]. Users should update to version 6.29 or later to mitigate the issue. No workarounds are provided in the available references [1][2].